1. Technical Field
This disclosure relates generally to information security and, in particular, to cryptography schemes that are implemented using mobile devices.
2. Background of the Related Art
The recent past has seen an enormous growth in the usage and capabilities of mobile devices, such as smartphones, tablets, and the like. Such devices comprise fast processors, large amounts of memory, gesture-based multi-touch screens, and integrated multi-media and GPS hardware chips. Many of these devices use open mobile operating systems, such as Android. The ubiquity, performance and low cost of mobile devices have opened the door for creation of a large variety of mobile applications.
User-oriented cryptography usage, both for confidentiality and integrity, has an intrinsic problem, namely, key storage. A user needs to keep the key safe, but the key also needs to be easily available to perform key-related operations. Keys may be kept on the user's computer or on a special device, such as a smart card. Neither solution is ideal and, as a consequence, performance of cryptographic operations often is difficult and may require special hardware (such as a smart card reader) that is often not installed.
A quick response (QR) code is a matrix barcode (or two-dimensional code), readable by QR scanners, mobile phones with a camera, and smartphones. QR code-based authentication for logging into a secure online account is well known. In one such scheme, the user opens a web browser to a page that includes a QR code. The user scans the code with his or her mobile device, which triggers the appearance on the device's browser of a link to a web page. Once the link is followed to an account login page and the user enters his or her login credentials on the phone, the computer browser redirects the user to his or her logged-in account.
Mobile device-based authentication often relies on a private key stored on the device. It would be desirable to provide cryptographic schemes that enable use of such a private key while at the same time ensuring the integrity and confidentiality of the key. This disclosure addresses this need.